alt Hacker NewsIf you can enable a third party trust system you completely open it up for abuse. If I put my threat actor hat on, I love your idea because now I have an alternative codepath to try and exploit (where you do store third-party trusted roots for code-signing/notarization evaluations that cannot be tampered with, how do you load them, verify them, etc), but now instead of having to dance around bypassing Gatekeeper, I can just try and convince the user to install my certificates and voila, my malware behaves like a legitimate app.
Apple's root of trust for the OS and thus anything that passes AMFI/Gatekeeper scans is built into the hardware. There is no safe mechanism for introducing other roots of trust that is worth the effort.
If you don't trust Apple, why the hell are you buying their computers at all?
Replies
> There is no safe mechanism for introducing other roots of trust that is worth the effort.
Gee, if only Apple had a reason for implementing this entire feature for themselves…
> If you don't trust Apple, why the hell are you buying their computers at all?
This is the exact same false dichotomy they mentioned; it's perfectly reasonable to have a set of trusted software vendors that includes Apple but also some others, while the only choices that they support are either just Apple or literally anyone in the universe. You're conflating "trusting Apple" with "trusting no one but Apple to make it sound like the opposite of the latter is somehow also contradictory with the former.
Claiming it's "not worth the effort" is a lot easier when you've already muddied the waters like this.